Re: [provision] WS-CAF and the "Session Context Token"

[Gary P Cole <Gary.P.Cole@Sun.COM>]

Doesn't sound like we can in the short term defer to any other standard 
(including WS-CAF). Furthermore, these sound like overkill (since we are 
not talking about composite applications).

So, we can:
A) Formalize with a less objectionable name (such as "operational context")
the notion of an opaque context that the provider returns
and that the requestor may pass on subsequent requests
to improve performance.
B) Ignore it (and let each implementation roll its own "operational 
context").

prateek mishra wrote:

> As part of a discussion that began with message:
> http://www.oasis-open.org/apps/org/workgroup/provision/email/archives/200506/msg00065.html
> I had taken an action to investigate the proposed work in the WS-CAF 
> TC to see this effort would meet these requirements.
> The WS-CAF involves the development of a family of specifications that 
> " define a generic and open framework for applications that contain 
> multiple services used in combination (composite applications)." Three 
> specifications are planned: WS-Context, WS-Coordination and a third to 
> be named later.
> The WS-Context specification is of particular interest. It provides "a 
> definition, a structuring mechanism, and service definitions for 
> organizing and sharing context across multiple execution endpoints." 
> Context may include a range of information but always include
>
> "A mandatory wsctx:contextIdentifierType called 
> wsctx:context-identifier. This identifier can be thought of as a 
> “correlation” identifier or a value that is used to indicate that a 
> Web service is part of the same activity. The 
> wsctx:contextIdentifierType is a URI with an optional wsu:Id 
> attribute. It MUST be unique."
> While the specification is pretty general, it also states that "where 
> messages (either application messages, or WS-Context protocol messages 
> themselves) require contextualization, the context is transported in a 
> SOAP header block".
> I couldn't see a proposed date for OASIS standardization for 
> WS-Context. A recent draft has been published and is being worked on 
> (also discussion of interop). My guess would be that it would be an 
> OASIS standard by end-of-year.
> SUMMARY:
> The WS-Context specification appears to provide a solution to some of 
> the requirements described in Gary's message. However, the term 
> "Session Context" is absent from WS-Context so maybe there are some 
> requirements (e.g., session time-out?) that are not captured there.
> My own suggestion in that space is that concepts like sessioning and 
> time-outs should definitely be left to the security layer (distinct 
> from both WS-CAF and SPML) and I question whether the PSTC should 
> provide any additional support for it within SPML. Unfortunately, a 
> general purpose sessioning model for messages is not yet under 
> development by a standards body. There is a draft produced by a group 
> of vendors called WS-SecureConversation but I have no idea when it 
> will move to a standards group.
> REFERENCES
> ---------------------
> 1. OASIS WS-CAF TC Web Page
> http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-caf
> 2. WS-Context, draft version 0.9.2, July 2005
> http://www.oasis-open.org/committees/download.php/13329/WS-Context.zip